Where does the kernel ring buffer sit relative to rsyslog

Although various pieces of documentation (including man dmesg) refer to it as "the kernel ring buffer", it might be better to refer to it as the kernel log buffer, since "ring buffer" is a generic term and I believe the kernel also uses ring buffers for various completely unrelated things. The "printk buffer" is also appropriate, after the kernel space function used to write to it.

Anyway, it resides in kernel space and a read interface is provided via /proc/kmsg and a read-write interface via /dev/kmsg. So if as root you go:

echo "Hello Kernel!" > /dev/ksmg

You'll see it if you then cat /dev/ksmg (you probably won't see this turning up in any logs, however -- see Matthew Phipps' comment below for a possible reason). This is raw output and does not look exactly like the stuff you see from dmesg or in your log files. There is a little bit of documentation about this provided with the kernel source. Reading from /proc/kmsg (not the same as /dev/ksmg) is recommended against if (r)syslog is running.

Rsyslog is one of a number ofsyslog implementations commonly used on linux. These are userland applications that source kernel messages from /proc/ksmg and messages from other userland processes via a socket, /dev/log.